cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1154
Views
5
Helpful
12
Replies
John
Beginner

Sourcefire | List of sites under social networking category

Hi Team,

I would like to ask  on the possible copy of the url or site that is under social networking category in ffirepower/firesight.

12 REPLIES 12
Marvin Rhoads
VIP Community Legend

Brightcloud is the source Cisco uses for the URL categories.

You can lookup a given site using http://www.brightcloud.com/tools/url-ip-lookup.php.

You cannot download a copy of all the sites they include for a given category.

Hi Marvin ,

do you know how often they update this list ? Yesterday i totally gone crazy on one of customer ,i was not able to block most famous adult and proxy sites ? Is this a bug ?

It's upated continually - i.e. multiple times throughout the day.

Did you check the connection records for the traffic that was not being blocked and see the Category that FirePOWER assigned the traffic?

Yes ,i see that this site falls under Uncategorized site ,but when i check it on site it shows that it is already under adult category .

Are any sites showing up categorized correctly? If your FMC DNS lookups aren't working that would cause all site lookups to fail (= Uncategorized)

After verification commands i see that i can successfully connected to Brightcloud database and resolve it.

admin@firepower2:~$ sudo nslookup service.brightcloud.com
Server: 192.168.10.250
Address: 192.168.10.250#53

Non-authoritative answer:
Name: service.brightcloud.com
Address: 52.210.56.12
Name: service.brightcloud.com
Address: 52.18.164.250

Server: 192.168.10.250
Address: 192.168.10.250#53

Non-authoritative answer:
Name: database.brightcloud.com
Address: 52.51.55.250
Name: database.brightcloud.com
Address: 54.171.36.173
Name: database.brightcloud.com
Address: 52.50.161.77

admin@firepower2:~$ telnet service.brightcloud.com 80
Trying 52.18.164.250...
Connected to service.brightcloud.com.
Escape character is '^]'.

That appears to be OK.

Can you share a screen shot of your Acess Control Policy rules that you're using for URL Monitoring or Blocking?

If you cannot, it might be easiest to just open a TAC case.

Hi Marvin ,

FYI.

That looks straightforward.

Assuming it's deployed to your devices, I would expect that policy to block the defined categories as long as your source user was not a member of the Managers or IT Dept. groups.

I have used similar policies on FirePOWER 5.3 through 6.2 and they worked fine.

You might want to open a TAC case so they can work with you interactively.

I am sure that source was true ,but it doesnt match ,unfortunately I can not open TAC because customer still wants to test and compare it with Checkpoint and PaloAlto ,so what would you recommend to do ?

Is there any list of what are under each category that is in firesight?

Marvin Rhoads
VIP Community Legend

You can list the categories.

You cannot list the URLs that are within each category.